Packet Captures
packet-c.cap 675.0 KB
Submitted Jan 31, 2012 by Slaingod
This is a packet capture from a SonicWall. We were troubleshooting DHCP packet flows. The SonicWall saw the DHCP Discover and Sent an Offer. We never saw the DHCP acknowledgement. In the adjacent core stacked switching we were running "debug ip dhcp server packets" we only saw discover packets from IP phones up to the SonicWall. For some reason the SonicWall could not let any other DHCP packets through or out of it INSIDE (LAN) interface. Even if we put an ANY-ANY ALC for that interface. We ended up having to replace the SonicWall and upload the configuration from the old SonicWall to the new one.
-Slaingod
BOOTP DNS HTTP IP LLC SKINNY SSL STP TCP UDP
Packets: 926 | Duration: 13s | Downloads: 15586 |
IPv6_RTSP.cap 15.5 KB
Submitted Jan 12, 2012 by Jawahar
This capture contains IPv6_RTSP packets. Accessed IPv6 enabled RTSP server using 6in4 tunnel.
Packets: 17 | Duration: 3s | Downloads: 7325 |
OCSP-Not_Implemted.cap 1.1 KB
Submitted Jun 10, 2011 by kerlenpondi
OCSP-Not_Implemted
Packets: 10 | Duration: n/a | Downloads: 8869 |
OCSP-Revoked.cap 1.8 KB
Submitted Jun 10, 2011 by kerlenpondi
OCSP (Comodo - FAKE crt Addons-mozilla-org)
Packets: 10 | Duration: n/a | Downloads: 7422 |
OCSP-Good.cap 3.5 KB
Submitted Jun 8, 2011 by kerlenpondi
OCSP_Good (CRL HTTPS CA Verisign)
Packets: 14 | Duration: 1s | Downloads: 8911 |
traceroute_MPLS.cap 3.3 KB
Submitted May 14, 2011 by stretch
Packets: 29 | Duration: 3s | Downloads: 19268 |
cm4116_telnet.cap 9.4 KB
Submitted Mar 1, 2011
Short Telnet session with an Opengear CM4116 used to demonstrate the urgent flag and pointer
Packets: 113 | Duration: 14s | Downloads: 17673 |
HTTP.cap 24.9 KB
Submitted Mar 1, 2011
Simple HTTP transfer of a PNG image using wget
Packets: 40 | Duration: n/a | Downloads: 26830 |
DHCP_MessageType 10,11,12 and 13.cap 1.9 KB
Submitted Jan 31, 2011 by Jawahar
Access Concentrator/router queries lease for particular IP addresses using message type as "DHCP LEASE QUERY" and gets response as DHCP LEASE ACTIVE,LEASE UNASSIGNED and LEASE UNKNOWN.
Access Concenttrator/Router IP=10.10.39.14
DHCP server IP=10.10.35.33
Packets: 6 | Duration: 13s | Downloads: 13490 |
QinQ.pcap.cap 184 bytes
Submitted Jan 9, 2011 by Ysaad
ARP requests having two vlan IDs attached (QinQ)
Packets: 2 | Duration: 2s | Downloads: 15798 |
iphttps.cap 12.4 KB
Submitted Nov 12, 2010 by nacnud
IP-HTTPS capture. This is Microsoft's IPv6 inside HTTPS tunneling for DirectAccess.
ARP DNS Ethernet ICMPv6 IGMP IP IPv6 LLC NBNS NBSS SSL TCP UDP
Packets: 83 | Duration: 38s | Downloads: 14514 |
WCCPv2.pcap.cap 2.8 KB
Submitted Oct 5, 2010 by Ysaad
WCCP communication captures between 7200 Router and a WCCP capable optimization device (In my case it is Riverbed's Stealhead 2050)
Packets: 15 | Duration: 27s | Downloads: 8735 |
LLDP_and_CDP.cap 4.0 KB
Submitted Oct 3, 2010
LLDP and CDP advertisements sent between two switches, S1 and S2.
Packets: 12 | Duration: 98s | Downloads: 15916 |
TACACS+_encrypted.cap 2.8 KB
Submitted Sep 28, 2010
TACACS+ authentication and authorization requests as made by a Cisco IOS router upon a user logging in via Telnet.
Packets: 34 | Duration: 7s | Downloads: 13550 |
PPPoE_Dual-Stack_IPv4_IPv6-with_DHCPv6.cap 6.1 KB
Submitted Sep 13, 2010 by pierky
Dual-stack PPPoE: IP (IPv4) and IPv6 with DHCPv6
Ethernet IPCP IPV6CP IPv6 LCP PAP PPP PPPOED PPPOES
Packets: 65 | Duration: 46s | Downloads: 16887 |
ICMP_over_L2TPv3_Pseudowire.pcap.cap 5.3 KB
Submitted Sep 4, 2010 by onefst250r
ICMP pings from a CE to a second CE via a L2TPv3 pseudowire.
Packets: 38 | Duration: 30s | Downloads: 12485 |
802.1Q_tunneling.cap 5.0 KB
Submitted Jun 30, 2010
Packets: 26 | Duration: 35s | Downloads: 21144 |
BGP_MP_NLRI.cap 2.9 KB
Submitted Jun 28, 2010
IPv6 routes are carried as a separate address family inside MP_REACH_NLRI attributes.
Packets: 24 | Duration: 60s | Downloads: 16615 |
TCP_SACK.cap 27.5 KB
Submitted Jun 16, 2010
A TCP SACK option is included in packets #31, #33, #35, and #37. The missing segment is retransmitted in packet #38.
Packets: 39 | Duration: n/a | Downloads: 26834 |
PPP_EAP.cap 2.5 KB
Submitted Jun 7, 2010
PPP link negotiation employing EAP MD5 authentication
Packets: 52 | Duration: 52s | Downloads: 18092 |
4-byte_AS_numbers_Mixed_Scenario.cap 414 bytes
Submitted Apr 30, 2010 by pierky
Router "B" (AS 2) at 172.16.3.2 does not support 4-byte AS numbers, while router "A" (AS 10.1 / 655361) at 172.16.3.1 does.
Router "A" receives an UPDATE for the 40.0.0.0/8 subnet from an external router ("D") in the AS 40.1 / 2621441 (not shown), and it forwards it to "B" (pkt n. 2): AS_PATH contains "23456 23456" (the first stands for AS 10.1, the second for the originating AS 40.1), but NEW_AS_PATH contains the real 4-byte AS numbers.
At pkt n. 3 "B" receives the same subnet directly from "D" and sends it to "A", including the original NEW_AS_PATH attribute previously appended by "D".
Packets: 4 | Duration: 60s | Downloads: 9551 |
4-byte_AS_numbers_Full_Support.cap 1.2 KB
Submitted Apr 30, 2010 by pierky
Router at 172.16.1.2 (hostname "D", AS 40.1 / 2621441) clears a previous established peering with 172.16.1.1 (hostname "A", AS 10.1 / 655361); They both support 32-bit ASN.
While opening the new session, they negotiate the "Four-octet AS Number Capability" (pkts n. 2 and 3).
Then, both "A" and "D" send some UPDATEs containing 4-octect encoded AS_PATH attributes (pkts n. 6 and 9). Please note: WireShark may show wrong paths unless you force 4-byte encoding in the Preferences / Protocols / BGP options.
Packets: 9 | Duration: 56s | Downloads: 8906 |
DECnet_Phone.pcap.cap 7.5 KB
Submitted Jan 13, 2010 by vmlemon
A DECnet Phone session, using the Linux DECnet stack and a clone/port of the OpenVMS eponymous tool.
Packets: 139 | Duration: 100s | Downloads: 7143 |
rpvstp-trunk-native-vid5.pcap.cap 1.8 KB
Submitted Dec 16, 2009 by einval
Rapid per-VLAN spanning tree capture of a trunk port, configured with native VLAN 5, VLAN 1 is also active over the trunk.
Capture shows that 3 BPDUs are sent out, one for classic STP (Frame 4, for example), one for the native VLAN 5 (not tagged - Frame 5) and one for each other active VLAN (tagged - Frame 3).
The PVST BPDUs contain the VLAN ID at the end of the frame (01 and 05, respectively).
DTP Ethernet LLC LOOP STP VLAN VTP
Packets: 22 | Duration: 11s | Downloads: 13633 |
rpvstp-trunk-native-vid1.pcap.cap 6.4 KB
Submitted Dec 16, 2009 by einval
Rapid per-VLAN spanning tree capture of a trunk port, configured with native VLAN 1 (default), VLAN 5 is also active over the trunk.
Capture shows that 3 BPDUs are sent out, one for classic STP (Frame 4, for example), one for the native VLAN (not tagged - Frame 3) and one for each other active VLAN (tagged - Frame 5).
The PVST BPDUs contain the VLAN ID at the end of the frame (01 and 05, respectively).
DTP Ethernet LLC LOOP STP VLAN VTP
Packets: 81 | Duration: 45s | Downloads: 11897 |